AlumnForce, a French platform providing alumni networking and community services to prestigious academic institutions, has reportedly been breached. A threat actor is advertising 2.7 million user records for sale, spanning nearly four decades of enrollment data from 49 institutions including Sciences Po, HEC Paris, and École Polytechnique. Sample data reviewed by researchers reportedly contains personal and professional details of several current French government officials.

What Happened

A threat actor has claimed to have compromised AlumnForce's infrastructure and exfiltrated a database containing 2.7 million user records. The dataset reportedly covers user registrations and enrollment information from 1987 through 2026, indicating that both historical alumni records and current active accounts were accessed. The breach impacts 49 French academic institutions that rely on AlumnForce to manage their alumni communities, career services, and professional networking portals. The data is reportedly being offered for sale, though the asking price and marketplace have not been publicly disclosed.

What Was Taken

The exposed dataset reportedly includes a broad range of personally identifiable and professional information:

The breadth of fields makes this dataset particularly valuable for social engineering. Salary data and job-search preferences are rarely exposed in breaches of this type and give attackers highly actionable context for crafting targeted lures. The confirmed presence of current French government members in sample data elevates this from a routine platform breach to a national security concern.

Why It Matters

This breach sits at the intersection of several high-value targeting categories. Alumni networks of elite institutions such as Sciences Po, HEC Paris, and École Polytechnique function as pipelines into the French government, finance, defense, and intelligence sectors. A dataset mapping nearly 40 years of graduates, their career trajectories, current employers, and salary bands is an intelligence goldmine for any adversary conducting espionage targeting, executive fraud, or strategic social engineering against French public- and private-sector leadership.

For defenders, the key concern is downstream risk. The exposed data enables highly personalized spear-phishing and business email compromise campaigns. Threat actors can cross-reference job-search preferences to identify individuals in career transitions, who are statistically more likely to engage with unsolicited outreach. The inclusion of government officials makes this breach a potential enabler for state-level targeting operations.

The Attack Technique

The specific intrusion vector has not been publicly confirmed. AlumnForce operates as a SaaS platform serving multiple institutional clients through a centralized infrastructure, meaning a single point of compromise could yield data across all 49 institutions simultaneously. Common attack surfaces for platforms of this type include unpatched web application vulnerabilities, exposed APIs, credential stuffing against administrative panels, or exploitation of third-party integrations. The span of data from 1987 to 2026 suggests the attacker gained access to a primary production database or a consolidated data warehouse rather than scraping individual portals.

What Organizations Should Do

Sources: AlumnForce Data Breach Exposes 2.7 Million User Records